Effective Date: August 23, 2025
Bath Planet (the “Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, and your choices regarding your information. We comply with applicable privacy laws in Canada and the United States, such as the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the California Consumer Privacy Act (CCPA) in the U.S. By using our website or services, you agree to the collection and use of information as described in this Policy.
Information We Collect
Personal Information You Provide: We collect personal information that you voluntarily provide to us (for example, when requesting a quote, making a purchase, or contacting us). This may include your name, contact details (email address, phone number, mailing address), account credentials (if you create an account), and any other information you choose to provide. If you request services or a consultation, we may also collect details related to your project or preferences. We do not actively collect sensitive personal data (e.g. health or financial information) unless necessary to provide our services or process a transaction, and we will obtain your consent if required by law for such collection.
Payment Information: When you make a purchase or payment through our site, we (or our authorized payment processor) collect information necessary to process the transaction. This may include credit card numbers or other payment details. However, we use a trusted third-party payment gateway (such as Authorize.Net) to handle credit card transactions, and we do not store your full credit card information on our servers. Payments are transmitted securely and encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). All payment processors we use adhere to PCI-DSS requirements, which help ensure the secure handling of credit card data. Your payment transaction data is used only as needed to complete the purchase and is retained only as long as necessary for that purpose.
Automatically Collected Data: When you visit our website, we automatically receive certain technical information about your device and usage. This can include your IP address, browser type, device identifiers, pages viewed, and the dates/times of access. We may use cookies and similar tracking technologies to collect this information. Cookies are small text files that help remember your preferences and activity on our site. For example, we may use cookies to recognize you on return visits, to analyze how the site is used, and to personalize content. You can set your browser to refuse cookies or alert you when cookies are being sent; however, some parts of our site may not function properly without cookies. We do not currently respond to “Do Not Track” signals because there is no consistent industry standard for compliance.
Non-Personal and Aggregated Data: We may collect data that does not identify you personally, such as de-identified or aggregated information. For example, we might track overall site visitor trends for analytics purposes (e.g. tracking how many users visit a page or use a feature). This information helps us improve our website and services and does not contain personal details.
How We Use Your Information
We use the collected information for the following purposes:
To Provide Services and Fulfill Requests: We process your personal information to deliver the products or services you request, to schedule appointments or consultations, and to otherwise carry out our obligations in any contracts with you. For example, we use your contact information to communicate with you about your project or order and your payment information to process transactions you’ve authorized.
To Process Payments: If you make purchases or payments, we use your information to process those transactions securely. As noted, payments are handled by third-party processors in a secure manner compliant with PCI-DSS standards. This ensures your financial data is protected during the transaction process.
To Communicate with You: We may use your contact information (email, phone, mailing address) to send important notices or updates about your project, order status, or our terms and policies. We also respond to your inquiries, questions, and customer service requests using the information you provide. With your permission or as allowed by law, we may send you marketing and promotional communications about our services or new offers. You can opt out of marketing emails at any time by using the unsubscribe link provided or contacting us directly.
To Improve Our Services and Website: We use usage data and feedback to understand how our services are being used and to make improvements. This includes analyzing site traffic and user behavior to troubleshoot issues, test new features, and enhance your browsing experience. For instance, we might use analytics tools (like Google Analytics) to collect information about how visitors navigate our site, which helps us optimize content and layout. These analytics may provide us with aggregated insights (e.g., page views, time on site) that do not directly identify individuals.
To Ensure Security and Prevent Misuse: We may process personal data as needed to prevent fraud, enforce our Terms of Service, comply with legal requirements, or protect the rights and safety of our users, our Company, and others. For example, we might use information to verify user identity, monitor for fraudulent transactions, or detect security incidents. If necessary, we will use and share information to investigate or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.
To Comply with Legal Obligations: Any information we collect may be used to meet applicable legal and regulatory requirements. For example, we may retain transaction records for tax and accounting purposes, or disclose information in response to lawful requests by public authorities (such as court orders or subpoenas). We only disclose the data that is necessary to comply with such obligations (see “How We Share Information” below for more details on legal disclosures).
How We Share Your Information
We value your privacy and handle your personal information with care. We do not sell your personal information to third parties for their marketing purposes. However, we may share information in the following circumstances:
Service Providers: We share information with third-party companies who perform services on our behalf (“service providers”). This includes, for example, our payment processing partners, financial institutions, scheduling and customer management tools, email or IT service providers, and shipping/delivery companies (if applicable). These service providers are given access only to the information necessary to perform their specific services, and they are contractually obligated to protect your information and use it only for the purposes we specify. For instance, our payment processor (e.g., Authorize.Net or similar) will receive your credit card and transaction details to process payments, but they have their own privacy obligations and will not use that data for other purposes. We encourage you to review the privacy policies of any third-party services that handle your personal information on our behalf.
Business Partners and Affiliates: If we partner with another company to jointly offer products or services, or if your transaction is facilitated through a local franchise/operator (as may be the case with Bath Planet’s dealer network), we may share your information with those partners or affiliated entities as needed to provide the service. In such cases, the partner will be contractually required to protect your information in a manner consistent with this Privacy Policy. We may also share your information within our corporate family (such as with a parent company, subsidiaries, or affiliates) for internal administrative purposes.
Legal Requirements and Protection: We may disclose personal information when required to do so by law or in a good-faith belief that such action is necessary to comply with legal obligations. This includes sharing information in response to lawful requests by public authorities (e.g., government or law enforcement), to meet national security or law enforcement requirements. We may also disclose information to protect our rights or property, enforce our terms, investigate fraud, or protect the safety of our users or the public. For example, we might release information to law enforcement in response to a valid subpoena, or use information to pursue remedies or limit damages in the event of a security incident or data breach.
Business Transfers: In the event the Company undergoes a business transaction such as a merger, acquisition, reorganization, or sale of some or all assets, your personal information may be disclosed to the prospective or actual acquiring party as part of due diligence or transferred to the new owner as part of the transaction. If such a transfer occurs, we will ensure your information remains subject to protections consistent with this Privacy Policy, and we will notify you (for example, via a notice on our website) if your data becomes subject to a different privacy policy as a result.
With Your Consent: Apart from the cases above, we will ask for your consent before using or sharing your personal information for any purpose that is not covered by this Privacy Policy. You have the right to withdraw such consent at any time. For instance, if we ever want to post a customer testimonial or review that contains personal information, we would obtain your permission prior to publication.
Non-Personal Data: We may share aggregate or de-identified data (which cannot reasonably be used to identify you) with third parties for lawful purposes. For example, we might publish trends about the usage of our services or share statistics with business partners or advertisers (e.g., “X% of customers are interested in product Y”), as long as this information does not personally identify any individual.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to distinguish you from other users and to improve your experience. Cookies are small files stored on your browser or device that help websites remember information about your visit. We use cookies for several reasons:
Essential Cookies: Some cookies are necessary for the website to function properly (for example, to keep you logged in to your account if applicable, or to remember items in a shopping cart). These cookies enable core functionality such as security, network management, and accessibility. You can set your browser to block or alert you about these cookies, but certain parts of the site may not work without them.
Analytics and Performance Cookies: We use these to collect information about how visitors use our site, which pages are popular, or if any errors occur. This data helps us improve the website’s performance and your experience. For instance, we might use Google Analytics or similar tools that use cookies to track page view statistics and other usage details. The information collected is typically aggregated and does not identify you personally. You can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on, or opt out of targeted advertising cookies through tools provided by industry organizations (such as the Digital Advertising Alliance’s opt-out page).
Functional Cookies: These cookies remember choices you make (such as your username, language, or region) to provide enhanced, more personalized features. For example, a functional cookie may remember your preferences for future visits.
Advertising/Targeting Cookies: We currently do not significantly use advertising cookies on our site. However, if in the future we partner with online advertisers (like Google or Facebook Ads), those third parties may set cookies to deliver targeted ads based on your browsing activities. These cookies can track your visits to our site and other sites to show you relevant ads. If we engage in such practices, we will update this policy and provide you with appropriate disclosures and choices (including the ability to opt-out) in line with applicable laws.
You have choices regarding cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or alert you when a cookie is being placed on your device. Please note that disabling cookies may affect the functionality and features of our site – for example, some parts of the site might not remember your preferences or login details. For more information about cookies and how to manage or delete them, visit your browser’s help documentation or websites like AllAboutCookies.org.
We do not respond to “Do Not Track” (DNT) signals because no consistent industry standard for DNT has been adopted to date. If this changes in the future, we will update our practices accordingly.
Data Security
We take the security of your personal information seriously. The Company implements reasonable physical, technical, and administrative security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include, for example, firewall and encryption technologies, access controls to data centers and files, and employee training on data protection.
When you enter sensitive information (such as credit card data) on our website, we use encryption protocols like Secure Socket Layer (SSL) to protect that data in transit. Credit card information is handled by our PCI-DSS-compliant payment processors and, if stored at all, is encrypted and protected with advanced encryption standards (for instance, AES-256 encryption). We follow PCI-DSS requirements and other industry best practices to ensure the secure processing of payment information on our site.
Despite our efforts, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. However, we continuously review and enhance our security practices to protect your personal information. In the unlikely event of a data breach that affects your personal data, we will notify you and the appropriate authorities as required by law.
You are responsible for maintaining the security of any account credentials for our site (for example, if you create an account, keep your password confidential and do not share it). Notify us immediately if you suspect any unauthorized access to your account or information.
Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For example, we will keep your account information for as long as your account is active, and as needed to provide you with services. Transaction records and associated personal data may be kept for a period required by financial reporting and tax regulations. We also retain personal information as needed to comply with legal obligations, resolve disputes, and enforce our agreements.
Once personal information is no longer needed for the purposes for which it was collected, or as required by applicable law, we will securely delete or anonymize it. If deletion is not feasible (for example, because the data is stored in backup archives), we will isolate it from further processing until deletion is possible.
Your Rights and Choices
You have certain rights and choices regarding your personal information, subject to local data protection laws:
Access and Correction: You may request access to the personal information we hold about you and ask that we correct or update any inaccuracies. We will provide you with a copy of your information in a commonly used format, and correct any factual errors you identify, as required by law.
Deletion (Right to Erasure): You can request that we delete your personal information. If you wish to close your account or have us remove your information from our records, please contact us (see Contact Us section below). We will honor deletion requests to the extent we are required to do so by applicable law. Note that we may need to retain certain information for legal or internal business reasons (for example, records of transactions you’ve made, or when retention is mandated by law).
Withdrawal of Consent: If we process any of your personal data based on your consent, you have the right to withdraw that consent at any time. For instance, if you have subscribed to receive marketing emails from us, you can opt out at any time by clicking the “unsubscribe” link in the email or contacting us. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
Opt-Out of Communications: You can opt out of promotional emails or newsletters by following the unsubscribe instructions in those messages or by contacting us. Even after you opt out of marketing communications, you may still receive transactional or administrative emails from us (for example, emails about your orders, updates to terms, or privacy policy changes).
California Privacy Rights: If you are a resident of California, you have specific rights under the CCPA (California Consumer Privacy Act) and/or CPRA. These include the right to know what personal information we collect, disclose, or sell (we do not sell personal data), the right to request deletion of your personal information, the right to opt out of the sale or sharing of your information (if applicable), and the right to not be discriminated against for exercising your privacy rights. To exercise any of these rights, you (or your authorized agent) can contact us using the information below. We will verify your identity before fulfilling certain requests as required by law.
Canadian Privacy Rights: If you are in Canada, your personal information is protected by PIPEDA and relevant provincial laws. You have the right to access your personal information held by us and to request corrections if needed. You can also ask about how your information has been used or disclosed. We will respond to such requests within a reasonable time and as required by law. Additionally, you can contact us to inquire about our privacy practices or to challenge our compliance with applicable laws. If you are not satisfied with our response, you may have the right to contact the Office of the Privacy Commissioner of Canada or relevant provincial privacy regulators.
European and Other International Users: Our services are primarily aimed at users in Canada and the United States. We do not actively target or solicit personal data from individuals in the European Union, United Kingdom, or other regions with comprehensive data protection laws (and in fact, if you are located in the EU/UK, the official Bath Planet site terms state you are not permitted to use the site bathplanet.com). However, if you are using our services from outside Canada/US, you may have similar rights under your local laws (such as the EU General Data Protection Regulation, or GDPR). If those laws apply and you wish to exercise your rights (for example, rights to access, rectify, erase, restrict processing, or data portability), please contact us and we will honor your request to the extent required by applicable law.
We will not discriminate against you for exercising any of these rights. To make a request regarding your personal data, you can contact us as described in the Contact Us section. We will need to verify your identity (and authority, if you are an authorized agent making the request on someone else’s behalf) before acting on certain requests, to ensure the security of the information.
Children’s Privacy
Our website and services are not intended for children under the age of 13. We do not knowingly collect personal information from anyone under 13 years old without verifiable parental consent. If you are under 13, please do not submit any personal information to us. In the event we learn that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete such information from our records in compliance with the Children’s Online Privacy Protection Act (COPPA).
For teens between 13 and 18, if you use our site, we recommend that you do so with the consent and involvement of a parent or guardian, as some content or services may require entering a contract or providing personal data.
Parents or guardians who believe that we might have any information from or about a child under 13 may contact us immediately. We will promptly investigate and remove any such information, and take any other appropriate actions required by applicable law.
International Data Transfers
Bath Planet is based in North America (with operations in the United States and/or Canada), so your personal information will likely be processed and stored in these countries. If you are accessing our site from outside the U.S. or Canada, be aware that your information may be transferred to, stored, and processed in our facilities and servers in the U.S. or Canada, as well as the facilities of service providers who may be located in the U.S., Canada, or other jurisdictions. Data protection laws in these countries might differ from those in your home country.
By using our site or providing us with your information, you acknowledge and agree to the transfer of your personal data to the United States, Canada, and potentially other jurisdictions as necessary for the purposes described in this Privacy Policy. We will take steps to ensure that your data is treated securely and in accordance with this Policy no matter where it is processed. For example, if we transfer personal data from Canada to the U.S. or another country, we will rely on legally-provided mechanisms to lawfully transfer data across borders (such as contracts incorporating standard data protection clauses, or the consent of the individual, as applicable).
If you do not want your information transferred to or processed in the United States or Canada, please refrain from using our services. Otherwise, by using the site, you consent to any such transfer, processing, and storage of information in countries outside of your country of residence.
Changes to this Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to how we handle your personal information, we will provide notice to you by posting the updated Privacy Policy on this site and updating the “Effective Date” at the top. In some cases, we might also notify you by other means, such as email or a notice on our homepage, especially if required by law.
You should review this Privacy Policy periodically to stay informed about our data practices. Your continued use of the website or our services after any changes to this Privacy Policy have been posted will signify your acceptance of those changes. If you do not agree with the changes, you should discontinue use of the site and services and contact us to address any concerns.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:
Email: [email protected]
Mailing Address: Bath Planet, 487 St Guillaume Rd, Vars, ON K0A 3H0
Phone: (613) 869-6398 (ask for the Privacy Officer)
Please note that the contact details above are provided as examples. Use the actual contact information for the company when implementing this policy. We will respond to legitimate inquiries or requests as soon as reasonably possible, and at most within any timeframe required by law.